The Amiga partition parser module uses signed int for partition sector address and count, which will overflow for disks larger than 1 TB.

Use sector_t as type for sector address and size to allow using disks up to 2 TB without LBD support, and disks larger than 2 TB with LBD.

This bug was reported originally in 2012, and the fix was created by the RDB author, Joanne Dow jdow@earthlink.net. A patch had been discussed and reviewed on linux-m68k at that time but never officially submitted. This patch differs from Joanne's patch only in its use of sector_t instead of unsigned int. No checking for overflows is done (see patch 2 of this series for that).

Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=43511 Fixes: 1da177e4c3f41524 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org # 5.2 Reported-by: Martin Steigerwald Martin@lichtvoll.de Message-ID: 201206192146.09327.Martin@lichtvoll.de Signed-off-by: Michael Schmitz schmitzmic@gmail.com Tested-by: Martin Steigerwald Martin@lichtvoll.de Reviewed-by: Geert Uytterhoeven geert@linux-m68k.org Reviewed-by: Christoph Hellwig hch@lst.de

---

Changes from v3:

- split off change of sector address type as quick fix. - cast to sector_t in sector address calculations. - move overflow checking to separate patch for more thorough review.

Changes from v4:

Andreas Schwab: - correct cast to sector_t in sector address calculations

Changes from v7:

Christoph Hellwig - correct style issues --- block/partitions/amiga.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/block/partitions/amiga.c b/block/partitions/amiga.c index 5c8624e26a54..85c5c79aae48 100644 --- a/block/partitions/amiga.c +++ b/block/partitions/amiga.c @@ -31,7 +31,8 @@ int amiga_partition(struct parsed_partitions *state) unsigned char *data; struct RigidDiskBlock *rdb; struct PartitionBlock *pb; - int start_sect, nr_sects, blk, part, res = 0; + sector_t start_sect, nr_sects; + int blk, part, res = 0; int blksize = 1; /* Multiplier for disk block size */ int slot = 1;

@@ -96,14 +97,14 @@ int amiga_partition(struct parsed_partitions *state)

/* Tell Kernel about it */

- nr_sects = (be32_to_cpu(pb->pb_Environment[10]) + 1 - - be32_to_cpu(pb->pb_Environment[9])) * + nr_sects = ((sector_t)be32_to_cpu(pb->pb_Environment[10]) + 1 - + be32_to_cpu(pb->pb_Environment[9])) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * blksize; if (!nr_sects) continue; - start_sect = be32_to_cpu(pb->pb_Environment[9]) * + start_sect = (sector_t)be32_to_cpu(pb->pb_Environment[9]) * be32_to_cpu(pb->pb_Environment[3]) * be32_to_cpu(pb->pb_Environment[5]) * blksize;